diff --git a/Berksfile b/Berksfile index a4fb383..a603520 100644 --- a/Berksfile +++ b/Berksfile @@ -8,3 +8,6 @@ cookbook "openstack-identity", github: "openstack/cookbook-openstack-identity" cookbook "openstack-common", github: "openstack/cookbook-openstack-common" +cookbook "openstackclient", + github: "cloudbau/cookbook-openstackclient" + diff --git a/README.md b/README.md index aaf12fe..18415b6 100644 --- a/README.md +++ b/README.md @@ -29,9 +29,10 @@ Cookbooks The following cookbooks are dependencies: - 'apt', '~> 4.0' -- 'openstack-common', '>= 13.0.0' -- 'openstack-identity', '>= 13.0.0' -- 'openstack-image', '>= 13.0.0' +- 'openstack-common', '>= 14.0.0' +- 'openstack-identity', '>= 14.0.0' +- 'openstack-image', '>= 14.0.0' +- 'openstackclient', '>= 0.1.0' Attributes ========== @@ -96,6 +97,7 @@ License and Author | **Author** | Eric Zhou () | | **Author** | Edwin Wang () | | **Author** | Jan Klare () | +| **Author** | Christoph Albers () | | | | | **Copyright** | Copyright (c) 2012, Rackspace US, Inc. | | **Copyright** | Copyright (c) 2012-2013, AT&T Services, Inc. | diff --git a/attributes/cinder_conf.rb b/attributes/cinder_conf.rb index 9e16ece..d09457b 100644 --- a/attributes/cinder_conf.rb +++ b/attributes/cinder_conf.rb @@ -9,10 +9,14 @@ default['openstack']['block-storage']['conf'].tap do |conf| conf['DEFAULT']['control_exchange'] = 'cinder' conf['DEFAULT']['volume_group'] = 'cinder-volumes' conf['DEFAULT']['state_path'] = '/var/lib/cinder' - conf['keystone_authtoken']['auth_type'] = 'v2password' + conf['keystone_authtoken']['auth_type'] = 'v3password' conf['keystone_authtoken']['region_name'] = node['openstack']['region'] conf['keystone_authtoken']['username'] = 'cinder' - conf['keystone_authtoken']['tenant_name'] = 'service' + conf['keystone_authtoken']['auth_version'] = node['openstack']['identity']['auth']['version'] + conf['keystone_authtoken']['project_name'] = 'service' + conf['keystone_authtoken']['user_domain_name'] = 'Default' conf['keystone_authtoken']['signing_dir'] = '/var/cache/cinder/api' + conf['keystone_authtoken']['project_domain_name'] = 'Default' + conf['oslo_concurrency']['lock_path'] = '/var/lib/cinder/tmp' end diff --git a/attributes/default.rb b/attributes/default.rb index 8fb12f0..b4139d0 100644 --- a/attributes/default.rb +++ b/attributes/default.rb @@ -49,7 +49,7 @@ default['openstack']['block-storage']['rabbit_server_chef_role'] = 'os-ops-messa default['openstack']['block-storage']['keystone_service_chef_role'] = 'keystone' default['openstack']['block-storage']['service_user'] = 'cinder' -default['openstack']['block-storage']['service_tenant_name'] = 'service' +default['openstack']['block-storage']['project'] = 'service' default['openstack']['block-storage']['service_role'] = 'service' default['openstack']['block-storage']['service_name'] = 'cinderv2' default['openstack']['block-storage']['service_type'] = 'volumev2' diff --git a/metadata.rb b/metadata.rb index df1ecb3..18e321d 100644 --- a/metadata.rb +++ b/metadata.rb @@ -17,3 +17,4 @@ depends 'apt', '~> 4.0' depends 'openstack-common', '>= 14.0.0' depends 'openstack-identity', '>= 14.0.0' depends 'openstack-image', '>= 14.0.0' +depends 'openstackclient' diff --git a/recipes/identity_registration.rb b/recipes/identity_registration.rb index 8133bba..08897cf 100644 --- a/recipes/identity_registration.rb +++ b/recipes/identity_registration.rb @@ -27,102 +27,112 @@ class ::Chef::Recipe end identity_admin_endpoint = admin_endpoint 'identity' -bootstrap_token = get_password 'token', 'openstack_identity_bootstrap_token' -auth_uri = ::URI.decode identity_admin_endpoint.to_s -admin_cinder_api_endpoint = admin_endpoint 'block-storage' -internal_cinder_api_endpoint = internal_endpoint 'block-storage' -public_cinder_api_endpoint = public_endpoint 'block-storage' +auth_url = ::URI.decode identity_admin_endpoint.to_s + +interfaces = { + public: { url: public_endpoint('block-storage') }, + internal: { url: internal_endpoint('block-storage') }, + admin: { url: admin_endpoint('block-storage') } +} service_pass = get_password 'service', 'openstack-block-storage' region = node['openstack']['block-storage']['region'] -service_tenant_name = node['openstack']['block-storage']['service_tenant_name'] +service_project_name = node['openstack']['block-storage']['conf']['keystone_authtoken']['project_name'] service_user = node['openstack']['block-storage']['service_user'] +admin_user = node['openstack']['identity']['admin_user'] +admin_pass = get_password 'user', node['openstack']['identity']['admin_user'] +admin_project = node['openstack']['identity']['admin_project'] +admin_domain = node['openstack']['identity']['admin_domain_name'] +service_domain_name = node['openstack']['block-storage']['conf']['keystone_authtoken']['user_domain_name'] service_role = node['openstack']['block-storage']['service_role'] service_name = node['openstack']['block-storage']['service_name'] service_type = node['openstack']['block-storage']['service_type'] -openstack_identity_register 'Register Service Tenant' do - auth_uri auth_uri - bootstrap_token bootstrap_token - tenant_name service_tenant_name - tenant_description 'Service Tenant' - action :create_tenant +connection_params = { + openstack_auth_url: "#{auth_url}/auth/tokens", + openstack_username: admin_user, + openstack_api_key: admin_pass, + openstack_project_name: admin_project, + openstack_domain_name: admin_domain +} + +# Register VolumeV2 Service +openstack_service service_name do + type service_type + connection_params connection_params end -openstack_identity_register 'Register Cinder V2 Volume Service' do - auth_uri auth_uri - bootstrap_token bootstrap_token - service_name service_name - service_type service_type - service_description 'Cinder Volume Service V2' - endpoint_region region - endpoint_adminurl ::URI.decode admin_cinder_api_endpoint.to_s - endpoint_internalurl ::URI.decode internal_cinder_api_endpoint.to_s - endpoint_publicurl ::URI.decode public_cinder_api_endpoint.to_s - action :create_service +interfaces.each do |interface, res| + # Register VolumeV2 Endpoints + openstack_endpoint service_type do + service_name service_name + interface interface.to_s + url res[:url].to_s + region region + connection_params connection_params + end end -openstack_identity_register 'Register Cinder V2 Volume Endpoint' do - auth_uri auth_uri - bootstrap_token bootstrap_token - service_name service_name - service_type service_type - service_description 'Cinder Volume Service V2' - endpoint_region region - endpoint_adminurl ::URI.decode admin_cinder_api_endpoint.to_s - endpoint_internalurl ::URI.decode internal_cinder_api_endpoint.to_s - endpoint_publicurl ::URI.decode public_cinder_api_endpoint.to_s - action :create_endpoint +# Register Service Project +openstack_project service_project_name do + connection_params connection_params end +# Register Service User +openstack_user service_user do + project_name service_project_name + role_name service_role + password service_pass + connection_params connection_params +end + +## Grant Service role to Service User for Service Tenant ## +openstack_user service_user do + role_name service_role + project_name service_project_name + connection_params connection_params + action :grant_role +end + +openstack_user service_user do + domain_name service_domain_name + role_name service_role + connection_params connection_params + action :grant_domain +end # --------------------- WORKAROUND --------------------------------------# # Currently this bug is still open # (https://bugs.launchpad.net/horizon/+bug/1415712) and we need to register and # enable the cinder v1 api to make it available via the dashboard. This should # be removed with the final mitaka release. -openstack_identity_register 'Register Cinder V1 Volume Service' do - auth_uri auth_uri - bootstrap_token bootstrap_token - service_name (service_name.gsub(/v2/, '')) - service_type (service_type.gsub(/v2/, '')) - service_description 'Cinder Volume Service V1' - endpoint_region region - endpoint_adminurl (::URI.decode admin_cinder_api_endpoint.to_s.gsub(/v2/, 'v1')) - endpoint_internalurl (::URI.decode internal_cinder_api_endpoint.to_s.gsub(/v2/, 'v1')) - endpoint_publicurl (::URI.decode public_cinder_api_endpoint.to_s.gsub(/v2/, 'v1')) - action :create_service +# openstack_identity_register 'Register Cinder V1 Volume Service' do +# auth_uri auth_uri +# bootstrap_token bootstrap_token +# service_name ((service_name).gsub(/v2/, '')) +# service_type ((service_type).gsub(/v2/, '')) +# service_description 'Cinder Volume Service V1' +# endpoint_region region +# endpoint_adminurl ((::URI.decode admin_cinder_api_endpoint.to_s).gsub(/v2/, 'v1')) +# endpoint_internalurl ((::URI.decode internal_cinder_api_endpoint.to_s).gsub(/v2/, 'v1')) +# endpoint_publicurl ((::URI.decode public_cinder_api_endpoint.to_s).gsub(/v2/, 'v1')) +# action :create_service +# end + +# Register Volume Service +openstack_service 'cinder' do + type 'volume' + connection_params connection_params end -openstack_identity_register 'Register Cinder V1 Volume Endpoint' do - auth_uri auth_uri - bootstrap_token bootstrap_token - service_name (service_name.gsub(/v2/, '')) - service_type (service_type.gsub(/v2/, '')) - service_description 'Cinder Volume Service V1' - endpoint_region region - endpoint_adminurl (::URI.decode admin_cinder_api_endpoint.to_s.gsub(/v2/, 'v1')) - endpoint_internalurl (::URI.decode internal_cinder_api_endpoint.to_s.gsub(/v2/, 'v1')) - endpoint_publicurl (::URI.decode public_cinder_api_endpoint.to_s.gsub(/v2/, 'v1')) - action :create_endpoint +interfaces.each do |interface, res| + # Register VolumeV1 Endpoints + openstack_endpoint 'volume' do + service_name 'cinder' + interface interface.to_s + url (::URI.decode res[:url].to_s).gsub(/v2/, 'v1') + region region + connection_params connection_params + end end # --------------------- WORKAROUND --------------------------------------# - -openstack_identity_register 'Register Cinder Service User' do - auth_uri auth_uri - bootstrap_token bootstrap_token - tenant_name service_tenant_name - user_name service_user - user_pass service_pass - user_enabled true # Not required as this is the default - action :create_user -end - -openstack_identity_register 'Grant service Role to Cinder Service User for Cinder Service Tenant' do - auth_uri auth_uri - bootstrap_token bootstrap_token - tenant_name service_tenant_name - user_name service_user - role_name service_role - action :grant_role -end diff --git a/spec/cinder_common_spec.rb b/spec/cinder_common_spec.rb index a224659..8e65abf 100644 --- a/spec/cinder_common_spec.rb +++ b/spec/cinder_common_spec.rb @@ -77,13 +77,11 @@ describe 'openstack-block-storage::cinder-common' do context 'endpoint related' do it 'has auth_uri' do - expect(chef_run).to render_file(file.name).with_content(%r{^auth_url = http://127.0.0.1:5000/v2.0$}) + expect(chef_run).to render_file(file.name).with_content(%r{^auth_url = http://127.0.0.1:5000/v3$}) end end - it 'has no auth_version when auth_version is v2.0' do - node.set['openstack']['block-storage']['api']['auth']['version'] = 'v2.0' - + it do expect(chef_run).not_to render_file(file.name).with_content(/^auth_version = v2.0$/) end diff --git a/spec/identity_registration_spec.rb b/spec/identity_registration_spec.rb index 35b79ea..6a8def2 100644 --- a/spec/identity_registration_spec.rb +++ b/spec/identity_registration_spec.rb @@ -12,153 +12,117 @@ describe 'openstack-block-storage::identity_registration' do include_context 'block-storage-stubs' - it 'registers service tenant' do - expect(chef_run).to create_tenant_openstack_identity_register( - 'Register Service Tenant' + connection_params = { + openstack_auth_url: 'http://127.0.0.1:35357/v3/auth/tokens', + openstack_username: 'admin', + openstack_api_key: 'emc_test_pass', + openstack_project_name: 'admin', + openstack_domain_name: 'default' + } + service_name = 'cinderv2' + service_type = 'volumev2' + service_user = 'cinder' + url = 'http://127.0.0.1:8776/v2/%(tenant_id)s' + region = 'RegionOne' + project_name = 'service' + role_name = 'service' + password = 'cinder-pass' + domain_name = 'Default' + + it "registers #{project_name} Project" do + expect(chef_run).to create_openstack_project( + project_name ).with( - auth_uri: 'http://127.0.0.1:35357/v2.0', - bootstrap_token: 'bootstrap-token', - tenant_name: 'service', - tenant_description: 'Service Tenant' + connection_params: connection_params ) end - it 'registers cinder v2 volume service' do - expect(chef_run).to create_service_openstack_identity_register( - 'Register Cinder V2 Volume Service' + it "registers #{service_name} service" do + expect(chef_run).to create_openstack_service( + service_name ).with( - auth_uri: 'http://127.0.0.1:35357/v2.0', - bootstrap_token: 'bootstrap-token', - service_name: 'cinderv2', - service_type: 'volumev2', - service_description: 'Cinder Volume Service V2', - endpoint_region: 'RegionOne', - endpoint_adminurl: 'http://127.0.0.1:8776/v2/%(tenant_id)s', - endpoint_internalurl: 'http://127.0.0.1:8776/v2/%(tenant_id)s', - endpoint_publicurl: 'http://127.0.0.1:8776/v2/%(tenant_id)s' + connection_params: connection_params, + type: service_type ) end - context 'registers v2 volume endpoint' do - it 'with default values' do - expect(chef_run).to create_endpoint_openstack_identity_register( - 'Register Cinder V2 Volume Endpoint' - ).with( - auth_uri: 'http://127.0.0.1:35357/v2.0', - bootstrap_token: 'bootstrap-token', - service_name: 'cinderv2', - service_type: 'volumev2', - service_description: 'Cinder Volume Service V2', - endpoint_region: 'RegionOne', - endpoint_adminurl: 'http://127.0.0.1:8776/v2/%(tenant_id)s', - endpoint_internalurl: 'http://127.0.0.1:8776/v2/%(tenant_id)s', - endpoint_publicurl: 'http://127.0.0.1:8776/v2/%(tenant_id)s' - ) + context "registers #{service_name} endpoint" do + %w(admin internal public).each do |interface| + it "#{interface} endpoint with default values" do + expect(chef_run).to create_openstack_endpoint( + service_type + ).with( + service_name: service_name, + # interface: interface, + url: url, + region: region, + connection_params: connection_params + ) + end end + %w(admin internal public).each do |interface| + it "#{interface} with different service type/name and registers v1 endpoint" do + node.set['openstack']['block-storage']['service_name'] = 'cinder' + node.set['openstack']['block-storage']['service_type'] = 'volume' - it 'with all different URLs' do - admin_url = 'https://admin.host:123/admin_path' - internal_url = 'http://internal.host:456/internal_path' - public_url = 'https://public.host:789/public_path' - - node.set['openstack']['endpoints']['internal']['block-storage']['uri'] = internal_url - node.set['openstack']['endpoints']['admin']['block-storage']['uri'] = admin_url - node.set['openstack']['endpoints']['public']['block-storage']['uri'] = public_url - - expect(chef_run).to create_endpoint_openstack_identity_register( - 'Register Cinder V2 Volume Endpoint' - ).with( - auth_uri: 'http://127.0.0.1:35357/v2.0', - bootstrap_token: 'bootstrap-token', - service_name: 'cinderv2', - service_type: 'volumev2', - service_description: 'Cinder Volume Service V2', - endpoint_region: 'RegionOne', - endpoint_adminurl: admin_url, - endpoint_internalurl: internal_url, - endpoint_publicurl: public_url - ) - end - - it 'with different service type/name' do - node.set['openstack']['block-storage']['service_name'] = 'cinder' - node.set['openstack']['block-storage']['service_type'] = 'volume' - - expect(chef_run).to create_endpoint_openstack_identity_register( - 'Register Cinder V2 Volume Endpoint' - ).with( - auth_uri: 'http://127.0.0.1:35357/v2.0', - bootstrap_token: 'bootstrap-token', - service_name: 'cinder', - service_type: 'volume', - service_description: 'Cinder Volume Service V2', - endpoint_region: 'RegionOne', - endpoint_adminurl: 'http://127.0.0.1:8776/v2/%(tenant_id)s', - endpoint_internalurl: 'http://127.0.0.1:8776/v2/%(tenant_id)s', - endpoint_publicurl: 'http://127.0.0.1:8776/v2/%(tenant_id)s' - ) + expect(chef_run).to create_openstack_endpoint( + 'volume' + ).with( + service_name: 'cinder', + # interface: interface, + url: 'http://127.0.0.1:8776/v1/%(tenant_id)s', + region: 'RegionOne', + connection_params: connection_params + ) + end end it 'with custom region override' do node.set['openstack']['block-storage']['region'] = 'volumeRegion' - expect(chef_run).to create_endpoint_openstack_identity_register( - 'Register Cinder V2 Volume Endpoint' - ).with(endpoint_region: 'volumeRegion') + expect(chef_run).to create_openstack_endpoint( + service_type + ).with(region: 'volumeRegion') end end it 'registers service user' do - expect(chef_run).to create_user_openstack_identity_register( - 'Register Cinder Service User' + expect(chef_run).to create_openstack_user( + service_user ).with( - auth_uri: 'http://127.0.0.1:35357/v2.0', - bootstrap_token: 'bootstrap-token', - tenant_name: 'service', - user_name: 'cinder', - user_pass: 'cinder-pass', - user_enabled: true + project_name: project_name, + role_name: role_name, + password: password, + connection_params: connection_params ) end - it 'grants service role to service user for service tenant' do - expect(chef_run).to grant_role_openstack_identity_register( - 'Grant service Role to Cinder Service User for Cinder Service Tenant' + it do + expect(chef_run).to grant_domain_openstack_user( + service_user ).with( - auth_uri: 'http://127.0.0.1:35357/v2.0', - bootstrap_token: 'bootstrap-token', - tenant_name: 'service', - user_name: 'cinder', - role_name: 'service' + domain_name: domain_name, + role_name: role_name, + connection_params: connection_params ) end + it do - expect(chef_run).to create_service_openstack_identity_register( - 'Register Cinder V1 Volume Service' + expect(chef_run).to grant_role_openstack_user( + service_user ).with( - auth_uri: 'http://127.0.0.1:35357/v2.0', - bootstrap_token: 'bootstrap-token', - service_name: 'cinder', - service_type: 'volume', - service_description: 'Cinder Volume Service V1', - endpoint_region: 'RegionOne', - endpoint_adminurl: 'http://127.0.0.1:8776/v1/%(tenant_id)s', - endpoint_internalurl: 'http://127.0.0.1:8776/v1/%(tenant_id)s', - endpoint_publicurl: 'http://127.0.0.1:8776/v1/%(tenant_id)s' + project_name: project_name, + role_name: role_name, + password: password, + connection_params: connection_params ) end - it do - expect(chef_run).to create_endpoint_openstack_identity_register( - 'Register Cinder V1 Volume Endpoint' + + it 'registers cinder v1 volume service' do + expect(chef_run).to create_openstack_service( + 'cinder' ).with( - auth_uri: 'http://127.0.0.1:35357/v2.0', - bootstrap_token: 'bootstrap-token', - service_name: 'cinder', - service_type: 'volume', - service_description: 'Cinder Volume Service V1', - endpoint_region: 'RegionOne', - endpoint_adminurl: 'http://127.0.0.1:8776/v1/%(tenant_id)s', - endpoint_internalurl: 'http://127.0.0.1:8776/v1/%(tenant_id)s', - endpoint_publicurl: 'http://127.0.0.1:8776/v1/%(tenant_id)s' + connection_params: connection_params, + type: 'volume' ) end end diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb index 9b80925..0876859 100644 --- a/spec/spec_helper.rb +++ b/spec/spec_helper.rb @@ -108,12 +108,14 @@ shared_examples 'creates_cinder_conf' do |service, user, group, action = :restar it do [ - /^auth_type = v2password$/, + /^auth_type = v3password$/, /^region_name = RegionOne$/, /^username = cinder/, - /^tenant_name = service$/, + /^project_name = service$/, + /^user_domain_name = Default/, + /^project_domain_name = Default/, %r{^signing_dir = /var/cache/cinder/api$}, - %r{^auth_url = http://127.0.0.1:5000/v2.0$}, + %r{^auth_url = http://127.0.0.1:5000/v3$}, /^password = cinder-pass$/ ].each do |line| expect(chef_run).to render_config_file(file.name)